Example #1
    async def set_objectacl_by_dn(
            self,
            object_dn,
            data,
            flags=SDFlagsRequest.DACL_SECURITY_INFORMATION
            | SDFlagsRequest.GROUP_SECURITY_INFORMATION
            | SDFlagsRequest.OWNER_SECURITY_INFORMATION):
        """
        Replace the ``nTSecurityDescriptor`` attribute of an LDAP object.

        The modify request carries the SD flags control
        (OID 1.2.840.113556.1.4.801) marked critical. ``flags`` selects which
        parts of the security descriptor the write applies to; the default
        names owner, group and DACL and leaves the SACL out.

        :param object_dn: The object's DN
        :type object_dn: str
        :param data: Serialized security descriptor to store on the object
        :type data: bytes
        :param flags: Parts of the security descriptor to be updated.
        :type flags: :class:`SDFlagsRequest`
        :return: The result of ``self._con.modify``; documented as (True, None) on success or (False, Exception) on error.
        :rtype: tuple
        """
        # NOTE(review): this overwrites the access control of the target
        # object. Callers should treat `data` as security-critical input, and
        # defenders should expect such writes to show up in directory-service
        # change auditing (e.g. Windows event 5136 where an audit SACL
        # matches) -- confirm against the environment's audit policy.
        sd_flags_control = Control({
            'controlType': b'1.2.840.113556.1.4.801',
            'controlValue': SDFlagsRequestValue({'Flags': flags}).dump(),
            # critical: the server must reject the request rather than
            # silently ignore the control
            'criticality': True,
        })

        sd_replace = {'nTSecurityDescriptor': [('replace', [data])]}
        return await self._con.modify(
            object_dn, sd_replace, controls=[sd_flags_control])
Example #2
    async def get_all_objectacl(self):
        """
        Yield the security descriptor of every object of the following types
        in the LDAP tree: users, computers, GPOs, OUs, groups.

        The method first pages through the matching objects asking only for
        their DN, then runs one further search per object with the SD flags
        control (OID 1.2.840.113556.1.4.801) attached. The number of searches
        therefore grows with the number of matched objects.

        Iteration stops after the first error from either search.

        :return: Async generator which yields (`MSADSecurityInfo`, None) on success or (None, `Exception`) on error
        :rtype: Iterator[(:class:`MSADSecurityInfo`, :class:`Exception`)]
        """
        # Owner, group and DACL are requested; the SACL bit is not set.
        sd_flags = SDFlagsRequestValue({
            'Flags': SDFlagsRequest.DACL_SECURITY_INFORMATION
            | SDFlagsRequest.GROUP_SECURITY_INFORMATION
            | SDFlagsRequest.OWNER_SECURITY_INFORMATION
        })

        # sAMAccountType 805306369 = machine accounts, 805306368 = user accounts
        object_filter = r'(|(objectClass=organizationalUnit)(objectCategory=groupPolicyContainer)(sAMAccountType=805306369)(objectClass=group)(sAMAccountType=805306368))'
        async for entry, err in self.pagedsearch(object_filter,
                                                 attributes=['dn']):
            if err is not None:
                yield None, err
                return

            # The DN comes back from the directory; it is escaped before being
            # placed in the filter so special characters cannot alter it.
            dn_filter = r'(distinguishedName=%s)' % escape_filter_chars(
                entry['objectName'])
            sd_attributes = MSADSecurityInfo.ATTRS
            sd_controls = [('1.2.840.113556.1.4.801', True, sd_flags.dump())]

            async for sd_entry, sd_err in self.pagedsearch(
                    dn_filter, sd_attributes, controls=sd_controls):
                if sd_err is not None:
                    yield None, sd_err
                    return
                yield MSADSecurityInfo.from_ldap(sd_entry), None
    async def get_objectacl_by_dn(
            self,
            dn,
            flags=SDFlagsRequest.DACL_SECURITY_INFORMATION
            | SDFlagsRequest.GROUP_SECURITY_INFORMATION
            | SDFlagsRequest.OWNER_SECURITY_INFORMATION):
        """
        Return the full or partial security descriptor of the object with the given DN.

        ``flags`` is sent in the SD flags control (OID 1.2.840.113556.1.4.801)
        and selects which parts of the descriptor are requested. The default
        asks for owner, group and DACL; the SACL bit is not set.

        Only the first search result is used.

        :param dn: The object's DN
        :type dn: str
        :param flags: Parts of the security descriptor to be returned.
        :type flags: :class:`SDFlagsRequest`
        :return: (nTSecurityDescriptor value, None) for the first entry, (None, Exception) if the search reported an error, or (None, None) if the search produced no entry
        :rtype: (:class:`bytes`, :class:`Exception`)
        """
        sd_flags = SDFlagsRequestValue({'Flags': flags})

        # Escape the caller-supplied DN so it cannot change the filter's shape.
        dn_filter = r'(distinguishedName=%s)' % escape_filter_chars(dn)
        wanted = ['nTSecurityDescriptor']
        sd_controls = [('1.2.840.113556.1.4.801', True, sd_flags.dump())]

        results = self.pagedsearch(dn_filter, wanted, controls=sd_controls)
        async for entry, err in results:
            if err is None:
                # .get(): the attribute may be missing from the entry, in
                # which case the value returned is None.
                return entry['attributes'].get('nTSecurityDescriptor'), None
            return None, err
        return None, None
Example #4
    async def get_objectacl_by_dn_p(
            self,
            dn,
            flags=SDFlagsRequest.DACL_SECURITY_INFORMATION
            | SDFlagsRequest.GROUP_SECURITY_INFORMATION
            | SDFlagsRequest.OWNER_SECURITY_INFORMATION):
        """
        Yield the parsed security info of the object with the given DN.

        ``flags`` is sent in the SD flags control (OID 1.2.840.113556.1.4.801)
        and selects which parts of the security descriptor are requested. The
        default asks for owner, group and DACL; the SACL bit is not set.

        Iteration stops after the first error reported by the search.

        :param dn: The object's DN
        :type dn: str
        :param flags: Parts of the security descriptor to be returned.
        :type flags: :class:`SDFlagsRequest`
        :return: Async generator which yields (`MSADSecurityInfo`, None) on success or (None, `Exception`) on error
        :rtype: Iterator[(:class:`MSADSecurityInfo`, :class:`Exception`)]
        """
        sd_flags = SDFlagsRequestValue({'Flags': flags})

        # Escape the caller-supplied DN so it cannot change the filter's shape.
        dn_filter = r'(distinguishedName=%s)' % escape_filter_chars(dn)
        sd_attributes = MSADSecurityInfo.ATTRS
        sd_controls = [('1.2.840.113556.1.4.801', True, sd_flags.dump())]

        results = self.pagedsearch(
            dn_filter, sd_attributes, controls=sd_controls)
        async for entry, err in results:
            if err is not None:
                yield None, err
                return
            yield MSADSecurityInfo.from_ldap(entry), None
Example #5
 def get_objectacl_by_dn(self, dn):
     """
     Yield the security info of the object whose distinguishedName equals dn.

     Each search result is parsed with MSADSecurityInfo.from_ldap. The search
     carries the SD flags control (OID 1.2.840.113556.1.4.801) asking for the
     owner, group and DACL parts of the descriptor; the SACL bit is not set.
     """
     sd_flags = SDFlagsRequestValue({
         'Flags': SDFlagsRequest.DACL_SECURITY_INFORMATION
         | SDFlagsRequest.GROUP_SECURITY_INFORMATION
         | SDFlagsRequest.OWNER_SECURITY_INFORMATION
     })

     # Escape the caller-supplied DN so it cannot change the filter's shape.
     dn_filter = r'(distinguishedName=%s)' % escape_filter_chars(dn)
     sd_attributes = MSADSecurityInfo.ATTRS
     sd_controls = [('1.2.840.113556.1.4.801', True, sd_flags.dump())]

     results = self.pagedsearch(dn_filter, sd_attributes, controls=sd_controls)
     for raw_entry in results:
         yield MSADSecurityInfo.from_ldap(raw_entry)
Example #6
 def get_all_objectacl(self):
     """
     Yield the security info of every object matched by (objectClass=*).

     Each search result is parsed with MSADSecurityInfo.from_ldap. The search
     carries the SD flags control (OID 1.2.840.113556.1.4.801) asking for the
     owner, group and DACL parts of the descriptor; the SACL bit is not set.
     """
     sd_flags = SDFlagsRequestValue({
         'Flags': SDFlagsRequest.DACL_SECURITY_INFORMATION
         | SDFlagsRequest.GROUP_SECURITY_INFORMATION
         | SDFlagsRequest.OWNER_SECURITY_INFORMATION
     })

     # The filter is not restricted by object type, so the result set is as
     # large as the searched part of the directory.
     every_object = r'(objectClass=*)'
     sd_attributes = MSADSecurityInfo.ATTRS
     sd_controls = [('1.2.840.113556.1.4.801', True, sd_flags.dump())]

     results = self.pagedsearch(every_object, sd_attributes, controls=sd_controls)
     for raw_entry in results:
         yield MSADSecurityInfo.from_ldap(raw_entry)
Example #7
    async def get_all_objectacl(self):
        """
        Yield the security info of every OU, GPO, computer, group and user
        found by the search.

        The method first pages through the matching objects asking only for
        their DN, then runs one further search per object with the SD flags
        control (OID 1.2.840.113556.1.4.801) attached, requesting the owner,
        group and DACL parts of the descriptor (the SACL bit is not set).
        Each result is parsed with ``MSADSecurityInfo.from_ldap``.

        This variant has no error handling of its own: search results are
        used as entries directly.
        """
        sd_flags = SDFlagsRequestValue({
            'Flags': SDFlagsRequest.DACL_SECURITY_INFORMATION
            | SDFlagsRequest.GROUP_SECURITY_INFORMATION
            | SDFlagsRequest.OWNER_SECURITY_INFORMATION
        })

        # sAMAccountType 805306369 = machine accounts, 805306368 = user accounts
        object_filter = r'(|(objectClass=organizationalUnit)(objectCategory=groupPolicyContainer)(sAMAccountType=805306369)(objectClass=group)(sAMAccountType=805306368))'
        async for entry in self.pagedsearch(object_filter, attributes=['dn']):
            # The DN comes back from the directory; it is escaped before being
            # placed in the filter so special characters cannot alter it.
            dn_filter = r'(distinguishedName=%s)' % escape_filter_chars(
                entry['objectName'])
            sd_attributes = MSADSecurityInfo.ATTRS
            sd_controls = [('1.2.840.113556.1.4.801', True, sd_flags.dump())]

            async for sd_entry in self.pagedsearch(
                    dn_filter, sd_attributes, controls=sd_controls):
                yield MSADSecurityInfo.from_ldap(sd_entry)